If you're using CGI (of course you are. . .) you can use the escapeHTML method it provides, thusly-

"<TR><TD COLSPAN=6>$q->escapeHTML($row->{message})</TD></TR>",
[download]

If it freaks out and prints a hashref instead of your html, you need to stuff the output of $q->escapeHTML($row->{message}) into a scalar and use that. Does anyone know why this happens with return values from CGI methods?

-Any sufficiently advanced technology is
indistinguishable from doubletalk.